From c1a401f90e25a3a9ecd74b4ae7a85ee8bad96c14 Mon Sep 17 00:00:00 2001 
From: sthen Date: Sat, 19 Sep 2015 12:44:38 +0000 Subject: [PATCH] switch easy-rsa to using openssl to unbreak; libressl doesn't allow $ENV:: in config files and easy-arrrrsa uses this heavily. --- security/easy-rsa/Makefile | 9 ++++---- .../patches/patch-easy-rsa_1_0_build-ca | 12 +++++++++++ .../patches/patch-easy-rsa_1_0_build-dh | 12 +++++++++++ .../patches/patch-easy-rsa_1_0_build-inter | 14 +++++++++++++ .../patches/patch-easy-rsa_1_0_build-key | 14 +++++++++++++ .../patches/patch-easy-rsa_1_0_build-key-pass | 14 +++++++++++++ .../patch-easy-rsa_1_0_build-key-pkcs12 | 16 ++++++++++++++ .../patch-easy-rsa_1_0_build-key-server | 14 +++++++++++++ .../patches/patch-easy-rsa_1_0_build-req | 12 +++++++++++ .../patches/patch-easy-rsa_1_0_build-req-pass | 12 +++++++++++ .../patches/patch-easy-rsa_1_0_list-crl | 12 +++++++++++ .../patches/patch-easy-rsa_1_0_make-crl | 12 +++++++++++ .../patches/patch-easy-rsa_1_0_revoke-crt | 12 +++++++++++ .../patches/patch-easy-rsa_1_0_revoke-full | 21 +++++++++++++++++++ .../patches/patch-easy-rsa_1_0_sign-req | 12 +++++++++++ .../patches/patch-easy-rsa_2_0_pkitool | 12 +++++++++++ 16 files changed, 206 insertions(+), 4 deletions(-) create mode 100644 security/easy-rsa/patches/patch-easy-rsa_1_0_build-ca create mode 100644 security/easy-rsa/patches/patch-easy-rsa_1_0_build-dh create mode 100644 security/easy-rsa/patches/patch-easy-rsa_1_0_build-inter create mode 100644 security/easy-rsa/patches/patch-easy-rsa_1_0_build-key create mode 100644 security/easy-rsa/patches/patch-easy-rsa_1_0_build-key-pass create mode 100644 security/easy-rsa/patches/patch-easy-rsa_1_0_build-key-pkcs12 create mode 100644 security/easy-rsa/patches/patch-easy-rsa_1_0_build-key-server create mode 100644 security/easy-rsa/patches/patch-easy-rsa_1_0_build-req create mode 100644 security/easy-rsa/patches/patch-easy-rsa_1_0_build-req-pass create mode 100644 security/easy-rsa/patches/patch-easy-rsa_1_0_list-crl create mode 100644 
security/easy-rsa/patches/patch-easy-rsa_1_0_make-crl create mode 100644 security/easy-rsa/patches/patch-easy-rsa_1_0_revoke-crt create mode 100644 security/easy-rsa/patches/patch-easy-rsa_1_0_revoke-full create mode 100644 security/easy-rsa/patches/patch-easy-rsa_1_0_sign-req create mode 100644 security/easy-rsa/patches/patch-easy-rsa_2_0_pkitool diff --git a/security/easy-rsa/Makefile b/security/easy-rsa/Makefile index 259903a4b6f..4ec39b5ba4e 100644 --- a/security/easy-rsa/Makefile +++ b/security/easy-rsa/Makefile @@ -1,11 +1,9 @@ -# $OpenBSD: Makefile,v 1.3 2015/09/18 22:04:44 sthen Exp $ - -BROKEN = relies on $$ENV:: in openssl .cnf files +# $OpenBSD: Makefile,v 1.4 2015/09/19 12:44:38 sthen Exp $ COMMENT = small RSA key management package PKGNAME = easy-rsa-2.2.0 -REVISION = 0 +REVISION = 1 DISTNAME = ${PKGNAME}_master CATEGORIES = security @@ -16,6 +14,9 @@ PERMIT_PACKAGE_CDROM = Yes MASTER_SITES = https://github.com/downloads/OpenVPN/easy-rsa/ +# relies on passing environment variables to $ENV:: in config files +RUN_DEPENDS = security/openssl + CONFIGURE_STYLE = gnu NO_TEST = Yes diff --git a/security/easy-rsa/patches/patch-easy-rsa_1_0_build-ca b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-ca new file mode 100644 index 00000000000..ac2f88790d0 --- /dev/null +++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-ca @@ -0,0 +1,12 @@ +$OpenBSD: patch-easy-rsa_1_0_build-ca,v 1.1 2015/09/19 12:44:38 sthen Exp $ +--- easy-rsa/1.0/build-ca.orig Sat Sep 19 13:40:50 2015 ++++ easy-rsa/1.0/build-ca Sat Sep 19 13:40:54 2015 +@@ -6,7 +6,7 @@ + + if test $KEY_DIR; then + cd $KEY_DIR && \ +- openssl req -days 3650 -nodes -new -x509 -keyout ca.key -out ca.crt -config $KEY_CONFIG && \ ++ eopenssl req -days 3650 -nodes -new -x509 -keyout ca.key -out ca.crt -config $KEY_CONFIG && \ + chmod 0600 ca.key + else + echo you must define KEY_DIR 
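Review bot: The comment added above `RUN_DEPENDS = security/openssl` in the second Makefile hunk gives the reason for the dependency but not the mechanism, so a later reader cannot tell that the scripts only work because they were patched to call a differently named binary. I would word it as `# scripts are patched to run eopenssl from security/openssl; base openssl rejects $ENV:: in config files`. CA keys and certificates are from now on produced by the ports OpenSSL rather than the base library, so that package becomes part of what has to be kept patched on a host acting as a CA; a line in the package description or README would make that visible.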
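Review bot: In the build-ca hunk `ca.key` is written by `eopenssl req -nodes` and only restricted afterwards by `chmod 0600 ca.key`, so the unencrypted CA private key exists for a moment with whatever mode the caller's umask yields. Since the port already patches this block, adding `umask 077` ahead of `cd $KEY_DIR` would close that window; the same create-then-chmod ordering with `-nodes` appears in the build-key, build-key-pkcs12 and build-key-server hunks. Whether the file is really group- or world-readable in that window depends on the umask in effect and on how eopenssl creates the file, which this page does not show. The `if` block starts and ends outside the hunk.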
diff --git a/security/easy-rsa/patches/patch-easy-rsa_1_0_build-dh b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-dh
new file mode 100644
index 00000000000..74409513b24
--- /dev/null
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-dh
@@ -0,0 +1,12 @@
+$OpenBSD: patch-easy-rsa_1_0_build-dh,v 1.1 2015/09/19 12:44:38 sthen Exp $
+--- easy-rsa/1.0/build-dh.orig Sat Sep 19 13:40:50 2015
++++ easy-rsa/1.0/build-dh Sat Sep 19 13:40:56 2015
+@@ -6,7 +6,7 @@
+ #
+
+ if test $KEY_DIR; then
+- openssl dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
++ eopenssl dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
+ else
+ echo you must define KEY_DIR
+ fi
diff --git a/security/easy-rsa/patches/patch-easy-rsa_1_0_build-inter b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-inter
new file mode 100644
index 00000000000..bfb93ae4fd5
--- /dev/null
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-inter
@@ -0,0 +1,14 @@
+$OpenBSD: patch-easy-rsa_1_0_build-inter,v 1.1 2015/09/19 12:44:38 sthen Exp $
+--- easy-rsa/1.0/build-inter.orig Sat Sep 19 13:40:50 2015
++++ easy-rsa/1.0/build-inter Sat Sep 19 13:41:00 2015
+@@ -12,8 +12,8 @@ fi
+
+ if test $KEY_DIR; then
+ cd $KEY_DIR && \
+- openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
+- openssl ca -extensions v3_ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG
++ eopenssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
++ eopenssl ca -extensions v3_ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG
+ else
+ echo you must define KEY_DIR
+ fi
diff --git a/security/easy-rsa/patches/patch-easy-rsa_1_0_build-key b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-key
new file mode 100644
index 00000000000..bd0f1c841e3
--- /dev/null
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-key
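Review bot: The build-inter hunk writes `$1.key` with `-nodes` and never restricts its mode, unlike the build-ca and build-key hunks, which end the chain with `chmod 0600`. That leaves an unencrypted intermediate CA key with umask-default permissions; appending `&& \` to the `eopenssl ca -extensions v3_ca` line and following it with `chmod 0600 $1.key` would bring it in line with the other scripts. The build-req hunk has the same gap for the request key. The `else` branch and closing `fi` are visible here, but whatever precedes the `if` lies outside the hunk.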
@@ -0,0 +1,14 @@
+$OpenBSD: patch-easy-rsa_1_0_build-key,v 1.1 2015/09/19 12:44:38 sthen Exp $
+--- easy-rsa/1.0/build-key.orig Sat Sep 19 13:40:50 2015
++++ easy-rsa/1.0/build-key Sat Sep 19 13:41:02 2015
+@@ -12,8 +12,8 @@ fi
+
+ if test $KEY_DIR; then
+ cd $KEY_DIR && \
+- openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
+- openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
++ eopenssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
++ eopenssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
+ chmod 0600 $1.key
+ else
+ echo you must define KEY_DIR
diff --git a/security/easy-rsa/patches/patch-easy-rsa_1_0_build-key-pass b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-key-pass
new file mode 100644
index 00000000000..e11c4d3d002
--- /dev/null
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-key-pass
@@ -0,0 +1,14 @@
+$OpenBSD: patch-easy-rsa_1_0_build-key-pass,v 1.1 2015/09/19 12:44:38 sthen Exp $
+--- easy-rsa/1.0/build-key-pass.orig Sat Sep 19 13:40:50 2015
++++ easy-rsa/1.0/build-key-pass Sat Sep 19 13:41:04 2015
+@@ -12,8 +12,8 @@ fi
+
+ if test $KEY_DIR; then
+ cd $KEY_DIR && \
+- openssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
+- openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
++ eopenssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
++ eopenssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
+ chmod 0600 $1.key
+ else
+ echo you must define KEY_DIR
diff --git a/security/easy-rsa/patches/patch-easy-rsa_1_0_build-key-pkcs12 b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-key-pkcs12
new file mode 100644
index 00000000000..a3757415dc0
--- /dev/null
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-key-pkcs12
@@ -0,0 +1,16 @@
+$OpenBSD: patch-easy-rsa_1_0_build-key-pkcs12,v 1.1 2015/09/19 12:44:38 sthen Exp $
+--- easy-rsa/1.0/build-key-pkcs12.orig Sat Sep 19 13:40:50 2015
++++ easy-rsa/1.0/build-key-pkcs12 Sat Sep 19 13:41:08 2015
+@@ -12,9 +12,9 @@ fi
+
+ if test $KEY_DIR; then
+ cd $KEY_DIR && \
+- openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
+- openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
+- openssl pkcs12 -export -inkey $1.key -in $1.crt -certfile ca.crt -out $1.p12 && \
++ eopenssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
++ eopenssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
++ eopenssl pkcs12 -export -inkey $1.key -in $1.crt -certfile ca.crt -out $1.p12 && \
+ chmod 0600 $1.key $1.p12
+ else
+ echo you must define KEY_DIR
diff --git a/security/easy-rsa/patches/patch-easy-rsa_1_0_build-key-server b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-key-server
new file mode 100644
index 00000000000..346a377674a
--- /dev/null
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-key-server
@@ -0,0 +1,14 @@
+$OpenBSD: patch-easy-rsa_1_0_build-key-server,v 1.1 2015/09/19 12:44:38 sthen Exp $
+--- easy-rsa/1.0/build-key-server.orig Sat Sep 19 13:40:50 2015
++++ easy-rsa/1.0/build-key-server Sat Sep 19 13:41:13 2015
+@@ -14,8 +14,8 @@ fi
+
+ if test $KEY_DIR; then
+ cd $KEY_DIR && \
+- openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -extensions server -config $KEY_CONFIG && \
+- openssl ca -days 3650 -out $1.crt -in $1.csr -extensions server -config $KEY_CONFIG && \
++ eopenssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -extensions server -config $KEY_CONFIG && \
++ eopenssl ca -days 3650 -out $1.crt -in $1.csr -extensions server -config $KEY_CONFIG && \
+ chmod 0600 $1.key
+ else
+ echo you must define KEY_DIR
diff --git a/security/easy-rsa/patches/patch-easy-rsa_1_0_build-req b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-req
new file mode 100644
index 00000000000..bcc41eee3b4
--- /dev/null
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-req
@@ -0,0 +1,12 @@
+$OpenBSD: patch-easy-rsa_1_0_build-req,v 1.1 2015/09/19 12:44:38 sthen Exp $
+--- easy-rsa/1.0/build-req.orig Sat Sep 19 13:40:50 2015
++++ easy-rsa/1.0/build-req Sat Sep 19 13:41:15 2015
+@@ -12,7 +12,7 @@ fi
+
+ if test $KEY_DIR; then
+ cd $KEY_DIR && \
+- openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG
++ eopenssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG
+ else
+ echo you must define KEY_DIR
+ fi
diff --git a/security/easy-rsa/patches/patch-easy-rsa_1_0_build-req-pass b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-req-pass
new file mode 100644
index 00000000000..b7e8428388a
--- /dev/null
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-req-pass
@@ -0,0 +1,12 @@
+$OpenBSD: patch-easy-rsa_1_0_build-req-pass,v 1.1 2015/09/19 12:44:38 sthen Exp $
+--- easy-rsa/1.0/build-req-pass.orig Sat Sep 19 13:40:50 2015
++++ easy-rsa/1.0/build-req-pass Sat Sep 19 13:41:16 2015
+@@ -12,7 +12,7 @@ fi
+
+ if test $KEY_DIR; then
+ cd $KEY_DIR && \
+- openssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG
++ eopenssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG
+ else
+ echo you must define KEY_DIR
+ fi
diff --git a/security/easy-rsa/patches/patch-easy-rsa_1_0_list-crl b/security/easy-rsa/patches/patch-easy-rsa_1_0_list-crl
new file mode 100644
index 00000000000..9a338db48d0
--- /dev/null
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_list-crl
@@ -0,0 +1,12 @@
+$OpenBSD: patch-easy-rsa_1_0_list-crl,v 1.1 2015/09/19 12:44:38 sthen Exp $
+--- easy-rsa/1.0/list-crl.orig Sat Sep 19 13:40:50 2015
++++ easy-rsa/1.0/list-crl Sat Sep 19 13:41:19 2015
+@@ -12,7 +12,7 @@ fi
+
+ if test $KEY_DIR; then
+ cd $KEY_DIR && \
+- openssl crl -text -noout -in $1
++ eopenssl crl -text -noout -in $1
+ else
+ echo you must define KEY_DIR
+ fi
diff --git a/security/easy-rsa/patches/patch-easy-rsa_1_0_make-crl b/security/easy-rsa/patches/patch-easy-rsa_1_0_make-crl
new file mode 100644
index 00000000000..b2d3c5b861c
--- /dev/null
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_make-crl
@@ -0,0 +1,12 @@
+$OpenBSD: patch-easy-rsa_1_0_make-crl,v 1.1 2015/09/19 12:44:38 sthen Exp $
+--- easy-rsa/1.0/make-crl.orig Sat Sep 19 13:40:50 2015
++++ easy-rsa/1.0/make-crl Sat Sep 19 13:41:20 2015
+@@ -12,7 +12,7 @@ fi
+
+ if test $KEY_DIR; then
+ cd $KEY_DIR && \
+- openssl ca -gencrl -out $1 -config $KEY_CONFIG
++ eopenssl ca -gencrl -out $1 -config $KEY_CONFIG
+ else
+ echo you must define KEY_DIR
+ fi
diff --git a/security/easy-rsa/patches/patch-easy-rsa_1_0_revoke-crt b/security/easy-rsa/patches/patch-easy-rsa_1_0_revoke-crt
new file mode 100644
index 00000000000..c36e545184d
--- /dev/null
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_revoke-crt
@@ -0,0 +1,12 @@
+$OpenBSD: patch-easy-rsa_1_0_revoke-crt,v 1.1 2015/09/19 12:44:38 sthen Exp $
+--- easy-rsa/1.0/revoke-crt.orig Sat Sep 19 13:40:50 2015
++++ easy-rsa/1.0/revoke-crt Sat Sep 19 13:41:27 2015
+@@ -12,7 +12,7 @@ fi
+
+ if test $KEY_DIR; then
+ cd $KEY_DIR && \
+- openssl ca -revoke $1 -config $KEY_CONFIG
++ eopenssl ca -revoke $1 -config $KEY_CONFIG
+ else
+ echo you must define KEY_DIR
+ fi
diff --git a/security/easy-rsa/patches/patch-easy-rsa_1_0_revoke-full b/security/easy-rsa/patches/patch-easy-rsa_1_0_revoke-full
new file mode 100644
index 00000000000..dc6a58111bc
--- /dev/null
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_revoke-full
@@ -0,0 +1,21 @@
+$OpenBSD: patch-easy-rsa_1_0_revoke-full,v 1.1 2015/09/19 12:44:38 sthen Exp $
+--- easy-rsa/1.0/revoke-full.orig Sat Sep 19 13:40:50 2015
++++ easy-rsa/1.0/revoke-full Sat Sep 19 13:41:36 2015
+@@ -16,14 +16,14 @@ if test $KEY_DIR; then
+ rm -f $RT
+
+ # revoke key and generate a new CRL
+- openssl ca -revoke $1.crt -config $KEY_CONFIG
++ eopenssl ca -revoke $1.crt -config $KEY_CONFIG
+
+ # generate a new CRL
+- openssl ca -gencrl -out $CRL -config $KEY_CONFIG
++ eopenssl ca -gencrl -out $CRL -config $KEY_CONFIG
+ cat ca.crt $CRL >$RT
+
+ # verify the revocation
+- openssl verify -CAfile $RT -crl_check $1.crt
++ eopenssl verify -CAfile $RT -crl_check $1.crt
+ else
+ echo you must define KEY_DIR
+ fi
diff --git a/security/easy-rsa/patches/patch-easy-rsa_1_0_sign-req b/security/easy-rsa/patches/patch-easy-rsa_1_0_sign-req
new file mode 100644
index 00000000000..f3ab2f3efd3
--- /dev/null
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_sign-req
@@ -0,0 +1,12 @@
+$OpenBSD: patch-easy-rsa_1_0_sign-req,v 1.1 2015/09/19 12:44:38 sthen Exp $
+--- easy-rsa/1.0/sign-req.orig Sat Sep 19 13:40:50 2015
++++ easy-rsa/1.0/sign-req Sat Sep 19 13:41:38 2015
+@@ -12,7 +12,7 @@ fi
+
+ if test $KEY_DIR; then
+ cd $KEY_DIR && \
+- openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG
++ eopenssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG
+ else
+ echo you must define KEY_DIR
+ fi
diff --git a/security/easy-rsa/patches/patch-easy-rsa_2_0_pkitool b/security/easy-rsa/patches/patch-easy-rsa_2_0_pkitool
new file mode 100644
index 00000000000..465da4e6518
--- /dev/null
+++ b/security/easy-rsa/patches/patch-easy-rsa_2_0_pkitool
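Review bot: The three `eopenssl` calls in the revoke-full hunk run one after another with no status check, so a failed `ca -revoke` is still followed by `ca -gencrl` and `verify`, and the operator ends up with a fresh CRL that does not list the certificate they meant to revoke. Stopping on failure, e.g. `eopenssl ca -revoke $1.crt -config $KEY_CONFIG || exit 1` and the same on the `-gencrl` line, makes that case visible. The closing `verify -crl_check` is presumably meant to report the certificate as revoked, so its non-zero result is the success case and deserves a comment such as `# expected output: certificate revoked`. The `if test $KEY_DIR` block begins outside the hunk.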
@@ -0,0 +1,12 @@
+$OpenBSD: patch-easy-rsa_2_0_pkitool,v 1.1 2015/09/19 12:44:38 sthen Exp $
+--- easy-rsa/2.0/pkitool.orig Sat Sep 19 13:40:50 2015
++++ easy-rsa/2.0/pkitool Sat Sep 19 13:41:52 2015
+@@ -122,7 +122,7 @@ usage()
+ }
+
+ # Set tool defaults
+-[ -n "$OPENSSL" ] || export OPENSSL="openssl"
++[ -n "$OPENSSL" ] || export OPENSSL="eopenssl"
+ [ -n "$PKCS11TOOL" ] || export PKCS11TOOL="pkcs11-tool"
+ [ -n "$GREP" ] || export GREP="grep"
+
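Review bot: The new default in pkitool only takes effect when `OPENSSL` is empty, because the line is `[ -n "$OPENSSL" ] || export OPENSSL="eopenssl"`. If the 2.0 `vars` file that users source exports `OPENSSL` itself, as easy-rsa 2.x normally does, that value wins and pkitool, along with any other 2.0 script reading `$OPENSSL`, keeps calling the base `openssl`, which is the breakage this commit sets out to fix. No patch for `easy-rsa/2.0/vars` appears in the diffstat, so it should be checked and, if it sets the variable, changed to `export OPENSSL="eopenssl"`. The defaults block continues outside the hunk.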